package com.boxuegu.websecurity.bbs.controller;

import com.boxuegu.websecurity.bbs.service.MessageService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.GetMapping;

import javax.servlet.http.HttpServletResponse;

/**
 * XSS漏洞 demo程序
 *
 * @author Jam Fang  https://www.jianshu.com/u/0977ede560d4
 * @version 创建时间：2019.10.15 9:07
 */
@Controller
public class DemoController {

    @Autowired
    private MessageService messageService;

    /**
     * 存储型XSS演示
     *
     * @return
     */
    @GetMapping("/storexss")
    public String test2() {
        return "storexss";//返回templates的结果
    }

    /**
     * 反射型XSS演示   带回显功能
     *
     * @param reflectxss
     * @param map
     * @return
     */
    @GetMapping("/reflectxss")
    public String test1(String reflectxss, ModelMap map, HttpServletResponse response) {
        System.out.println(reflectxss);
        if (reflectxss == null || "".equals(reflectxss)) {
            map.put("result", "不包含reflectxss参数"); //添加结果
        } else {
            map.put("result", reflectxss); //添加结果
        }
        response.addHeader("X-XSS-Protection", "0");//为了绕过chome等浏览器的xss auditor防护
        return "reflectxss";//返回templates的结果
    }


    /**
     * DOM型XSS演示
     *
     * @param map
     * @return
     */
    @GetMapping("/domxss")
    public String test3(ModelMap map) {
        //response.addHeader("X-XSS-Protection", "0");//为了绕过chome等浏览器的xss auditor防护
        return "domxss";//返回templates的结果
    }
}
